Home/ Questions/Q 8761129
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T15:12:50+00:00

I just recently started using active record (before I just wrote manual queries since

  • 0

I just recently started using active record (before I just wrote manual queries since I was so used to them).

I was looking at the code of ion_auth and I saw that in a few places the strings had been escaped even though active record was used,

i.e

 ->where($this->identity_column, $this->db->escape_str($identity))
 ->where($this->tables['groups'].'.name', $this->db->escape_str($group))

Thing is, I havent escaped anywhere where I have used active record since on the documentation it said active record escapes strings automatically.

My question, when using active record, are there some situations when you should escape strings?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    From the Codeigniter User Guide:

    Beyond simplicity, a major benefit to using the Active Record features
    is that it allows you to create database independent applications,
    since the query syntax is generated by each database adapter. It also
    allows for safer queries, since the values are escaped automatically
    by the system.

    The creator of ion_auth may have had a particular reason for escaping the string, but if you are using Active Record, Codeigniter escapes the queries automatically.

    But there are queries that “look” like they might be Active Record, which need to be escaped. Here’s a list of them, again from the Codeigniter User Guide.

    • 0